Analysis
Category FILE
Started On 2016-06-26 21:48:38
Completed On 2016-06-26 21:59:00
Duration 622 seconds
Cuckoo Version 1.2

Machine
Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2016-06-26 21:48:38
Shutdown On 2016-06-26 21:59:00

File Details

File name malware9.exe
File size 807936 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 44C39EB0
MD5 a7e735c7b70820af9277beaa0518cac1
SHA1 b86ce407c36001b709026ce8607a4fdc57af0db0
SHA256 010e9aaef322ab73027c3789b1a50a6a4ad9f4864ce8d1958c55554430e3ee19
SHA512 06264a5e132d4cf7de0ec6d6bd17dc57402b57ff9567e40f1adbe78afdb81b4cac18fd718291fe5f649ad1278e4acce8ff647d1bf36b7227d0195d15d6b9c178
Ssdeep 12288:vgxP4PaYzJDws15XLMdbw0IjPP8aLwS1z/BE+mrEkJFmVJbD:IxEtB2b2PPdLwS/q+iXUbbD
PEiD
  • Microsoft Visual C++ V8.0 (Debug)
Yara None matched
VirusTotal File not found on VirusTotal

Signatures

No signatures matched

Screenshots

Static Analysis

Sections

Imports

Strings

Dropped Files

malware9.exe

ntkrnl

drv.sys

Network Analysis

Nothing to display.

Behavior Summary

Files
  • C:\
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\malware9.exe
  • C:\Documents and Settings\cuckoo\Application Data\ntkrnl
  • C:\Documents and Settings\cuckoo\Application Data\dwm.exe
  • C:\Documents and Settings\cuckoo\Application Data\win-firewall.exe
  • C:\Documents and Settings\cuckoo\Application Data\adobeflash.exe
  • C:\Documents and Settings\cuckoo\Application Data\desktop.exe
  • C:\Documents and Settings\cuckoo\Application Data\jucheck.exe
  • C:\Documents and Settings\cuckoo\Application Data\jusched.exe
  • C:\Documents and Settings\cuckoo\Application Data\java.exe
  • C:\DosDevices\pipe\
  • pipe\sparkWdMJhZ
  • C:\Documents and Settings\cuckoo\Application Data\Installed\windefender.exe
  • C:\drv.sys
Mutexes
  • 7YhngylKo09H
  • SHELLCODE_MUTEX
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
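
Added example (not part of the Cuckoo report): a small script that turns the flat behaviour summary above into host-hunt indicators. The summary text embedded in it is excerpted from this report; the path generalisation (sandbox user "cuckoo" replaced by %APPDATA% / %TEMP%) and the triage tags (executables written under the user profile, a dropped .sys driver, a Run key touch, mutex names) are this example's own heuristics, not Cuckoo signatures.

```python
"""Parse a flattened Cuckoo 1.2 behaviour summary and tag indicators worth hunting for.

Added example. SUMMARY is excerpted from the report above; the triage rules are
this example's own heuristics and are not Cuckoo signatures.
"""
import re
from collections import defaultdict

# Behaviour summary excerpt (raw string so the Windows backslashes survive as written).
SUMMARY = r"""Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\malware9.exe
  • C:\Documents and Settings\cuckoo\Application Data\ntkrnl
  • C:\Documents and Settings\cuckoo\Application Data\dwm.exe
  • C:\Documents and Settings\cuckoo\Application Data\win-firewall.exe
  • C:\Documents and Settings\cuckoo\Application Data\adobeflash.exe
  • C:\Documents and Settings\cuckoo\Application Data\desktop.exe
  • C:\Documents and Settings\cuckoo\Application Data\jucheck.exe
  • C:\Documents and Settings\cuckoo\Application Data\jusched.exe
  • C:\Documents and Settings\cuckoo\Application Data\java.exe
  • C:\Documents and Settings\cuckoo\Application Data\Installed\windefender.exe
  • C:\drv.sys
Mutexes
  • 7YhngylKo09H
  • SHELLCODE_MUTEX
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"""

SECTION_RE = re.compile(r"^(Files|Mutexes|Registry Keys)\s*$")
BULLET_RE = re.compile(r"^\s*•\s*(.+?)\s*$")

# Sandbox-specific profile directories on Windows XP; a hunt on other hosts wants the variable.
APPDATA_RE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\Application Data", re.I)
TEMP_RE = re.compile(r"^C:\\DOCUME~1\\[^\\]+\\LOCALS~1\\Temp", re.I)


def parse_summary(text):
    """Return {'Files': [...], 'Mutexes': [...], 'Registry Keys': [...]} from the flat report text."""
    out = defaultdict(list)
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = BULLET_RE.match(line)
        if m and section:
            out[section].append(m.group(1))
    return dict(out)


def generalise_path(path):
    """Replace the sandbox user's profile directories with the environment variables a hunt would use."""
    path = APPDATA_RE.sub("%APPDATA%", path)
    path = TEMP_RE.sub("%TEMP%", path)
    return path


def triage(iocs):
    """Tag each indicator with why a responder should care (heuristics are this example's own)."""
    findings = []
    for raw in iocs.get("Files", []):
        path = generalise_path(raw)
        low = path.lower()
        if low.endswith(".sys"):
            # A kernel driver written outside %SystemRoot%\System32\drivers by a user-mode sample.
            findings.append(("driver_dropped", path))
        elif low.startswith("%appdata%") and low.endswith(".exe"):
            # Executables under the user profile reusing names of legitimate system/vendor binaries.
            findings.append(("exe_in_user_profile", path))
    for key in iocs.get("Registry Keys", []):
        if key.lower().endswith(r"\currentversion\run"):
            findings.append(("run_key_persistence", key))
    for name in iocs.get("Mutexes", []):
        # Mutex names are cheap host-side indicators; a running copy holds them open.
        findings.append(("mutex", name))
    return findings


if __name__ == "__main__":
    for tag, value in triage(parse_summary(SUMMARY)):
        print(f"{tag:22} {value}")
```

The output is a list of (tag, indicator) pairs ready to drop into an EDR or Sysmon search; the generalised %APPDATA% paths are what to look for on non-sandbox hosts, since the report's literal paths only match the user "cuckoo".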

Processes


malware9.exe PID: 2000, Parent PID: 1908

windefender.exe PID: 2024, Parent PID: 2000

Volatility

Nothing to display.